laplas | 4d3a56f72a6ba38c792e6a26b49e86340e1855e632989a2b9c96366d98b7854c | Triage

Sharing

General

Target

4d3a56f72a6ba38c792e6a26b49e86340e1855e632989a2b9c96366d98b7854c
Size

1.8MB
Sample

230314-m4bresha4s
MD5

f9e1fe91c4bddda6ccee9e5871efc6e9
SHA1

4f8ab5685445d86e10748aed7f252ca37d4a5472
SHA256

4d3a56f72a6ba38c792e6a26b49e86340e1855e632989a2b9c96366d98b7854c
SHA512

97ade1fcc95ac377390e8427dd6dabf4421215d49b0d272613a3490d39ecba66277f1df9b640119de44bfeca5d9d2a84578f276da17c518abd57967ed4f11576
SSDEEP

49152:/aReybbRUTbMRS+9sJuC2btZUs2qd2XcQeh2osJYJb:/3ySfMS+aMbmqXQegosJYJ

Score

10^/10

laplas clipper persistence stealer

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

api_key
9ee0ef01cd0f0468c997745b63f39799e510412a4bb4e6ff8efcf6f8ac926172

Targets

- Target
  
  4d3a56f72a6ba38c792e6a26b49e86340e1855e632989a2b9c96366d98b7854c
- Size
  
  1.8MB
- MD5
  
  f9e1fe91c4bddda6ccee9e5871efc6e9
- SHA1
  
  4f8ab5685445d86e10748aed7f252ca37d4a5472
- SHA256
  
  4d3a56f72a6ba38c792e6a26b49e86340e1855e632989a2b9c96366d98b7854c
- SHA512
  
  97ade1fcc95ac377390e8427dd6dabf4421215d49b0d272613a3490d39ecba66277f1df9b640119de44bfeca5d9d2a84578f276da17c518abd57967ed4f11576
- SSDEEP
  
  49152:/aReybbRUTbMRS+9sJuC2btZUs2qd2XcQeh2osJYJb:/3ySfMS+aMbmqXQegosJYJ
Score

10^/10

laplas clipper persistence stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperpersistencestealer